SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement
Mar 12, 2025
Microsoft just patched six exploited vulnerabilities, including a critical fix for its DNS server. Apple responded with an update for WebKit vulnerabilities affecting iOS and macOS. The podcast also discusses Espressif’s reassurance about their ESP32 chipsets, clarifying that recent claims of 'backdoors' are related to debug commands and not Bluetooth access. Tune in for insights on these essential security updates!
Microsoft addressed over 50 vulnerabilities in Patch Tuesday, highlighting the importance of timely updates to fend off exploitation risks.
Apple's update for WebKit underscores the significance of vigilance in software security amidst ongoing targeted attacks on users.
Deep dives
Exploit Trends in Microsoft Patch Tuesday
Microsoft's recent Patch Tuesday addressed over 50 vulnerabilities, with six already being exploited. Of these, many relate to file system issues involving NTFS and a FAT vulnerability, which could lead to remote code execution. The typical exploitation method requires a victim to open a corrupt VHD file, or an attacker with remote access can mount it. These vulnerabilities are considered important rather than critical due to their complexity and the prerequisites needed to exploit them.
Apple's Timely Security Update
Apple has released an update for iOS, macOS, and visionOS, addressing a WebKit vulnerability that is currently being exploited in targeted attacks. This vulnerability, first noted in iOS 17.2, allows malicious code to bypass the Safari sandbox environment if a victim opens a compromised web page. Although the risk of widespread exploitation is low, users are encouraged to apply the patch to protect against potential attacks. Apple's decision to release an update highlights the ongoing need for vigilance in maintaining software security.
1. Analyzing Recent Vulnerabilities in Microsoft and Apple Updates
Microsoft Patch Tuesday
Microsoft patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20March%202025/31756
Apple Updates iOS/macOS
Apple released an update to address a single, already exploited vulnerability in WebKit. This vulnerability affects iOS, macOS and visionOS. https://support.apple.com/en-us/100100
Espressif Response to ESP32 Debug Commands
Espressif released a statement commenting on the recent release of a paper alleging "backdoors" in ESP32 chipsets. According to Espressif, these commands are debug commands and are not directly reachable via Bluetooth. https://www.espressif.com/en/news/Response_ESP32_Bluetooth